Integrity: If a poor cast leads to a buffer underwrite, data integrity may be affected.

Access control (instruction processing): Improper unsigned-to-signed conversions often create buffer underwrite conditions which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy.

Exposure period

Requirements specification: The choice could be made to use a language that is not susceptible to these issues.

Design: Accessor functions may be designed to mitigate some of these logical issues.

Implementation: Many logic errors can lead to this condition. It can be exacerbated by lack of or misuse of mitigating technologies.

Platform

Languages: C, C++, Fortran, Assembly

Operating platforms: All

Required resources

Any

Severity

High

Likelihood of exploit

Low to Medium

Although less frequent an issue than signed-to-unsigned casting, unsigned-to-signed casting can be the perfect precursor to dangerous buffer underwrite conditions that allow attackers to move down the stack where they otherwise might not have access in a normal buffer overflow condition.

Buffer underwrites occur frequently when large unsigned values are cast to signed values, and then used as indexes into a buffer or for pointer arithmetic.

Risk Factors

TBD

Examples

While not exploitable, the following program is an excellent example of how implicit casts, while not changing the value stored, significantly changes its use: